Those posts make no sense. It's not an attack, but mere market manipulation. If you can just get 51% of a currency by repeatedly FUDding, then you're golden anyways.
From then on it's not N@S at all - because you earned 51%. It's a 51%@Stake attack. You're harming yourself.
No. The point is that the attacker also has a much larger short position in the currency. So while the attacker looses on the stake this is more than offset by the gains on the short position. |
|
|
|
Just what we need after Bitcoin is crashing and people are afraid of hacking, make people afraid of alts and Bitcoin, so they use Apple Pay. Brilliant.
If there are vulnerabilities, maybe inform legit people of them so they can try to repair them, instead of running some new scam?
People should be afraid of POS. It is at a very fundamental level no different from Apple, or a wall street bank, without the safety net provided by the government regulators. POS is a bad emulation of wall street. POW is a good emulation of gold. Edit: This is not as simple as a code vulnerability that a dev can fix. It is very fundamental. |
|
|
|
...
...and if the attacker is unsuccessful crashing the price with his 1 billion due to to others buying the dollar then he is BK'd. What you are describing can be applied to any asset or stock including BTC.
Yes this would be a classic bear raid. Pirateat40 tried that with Bitcoin and failed. The crucial difference with POS is that in addition the attacker has the option of voting the borrowed stake against the interests of the coin in order to induce panic and further cause a price drop. It literally turns POS on its head since you have a major "stakeholder" with a vested interest in the coin's collapse. What I am suggesting is the combination of a bear raid attack using leverage with a 51% type attack on the POS network using the borrowed stake. In this scenario both attacks will feed on each other creating a positive feedback for the attack. The key is that the attacker has the actual POS coins but also has a much larger short position. The bear raid side is what pirateat40 tried with Bitcoin and failed. Edit: 5% to sell short and induce a "bear raid" https://en.wikipedia.org/wiki/Bear_raid 5% to wreck havoc on the network by voting the stake against the interests of the coin. To use the 1 billion USD example. The attacker borrows 2 billion USD. The attacker has 2 billion USD and a 2 billion USD debt. The attacker sells 1 billion USD for 870 million EUR.The attacker now has 870 million EUR, 1 billion USD and 2 billion USD in debt. The attacker now uses the 1 billion USD to cause the value of the USD to go to zero. The attacker is now left with 870 million EUR, 0 USD (the 1 billion USD was spent in order to crash the price) and a debt of 2 billion USD now worth 0 for a net profit of 870 million EUR. To clarify, you are suggesting the bear raid attack (which PoW coins are equally susceptible towards) is used to leverage a N@S attack on a PoS coin? I.E... Someone with 1% PoS stake borrows 9% stake with many different profiles as not to arouse suspicion. They than proceed to sell 5% stake for BTC (most likely over time as not to bring suspicion and to get the most BTC), they than perform a bear raid attack with the remaining 5% and marketing FUD on the exchanges with low liquidity causing the currency to crash to almost 0 , repaying the debts on the 9% borrowed from the BTC which are now insignificant and than buying back the PoS for very cheap(from many accounts/profiles to not arouse suspicion) increasing ones stake from 10% to 30% or higher , and this manipulation can occur several times till the attacker can perform a N@S attack at will. In reality with Nxt this attack could easily be performed by one of the original whales even more easily than above. Between 4-15 Nxt users control over 51% of the coins thus any individual whale has between a 13% to 4% stake right from the get go. With PoW this attack is not possible because hashing power/Electricity is needed to launch an attack instead of existing stake. With PoS the attacker could actually profit off of destroying the currency. With PoW attackers need to subtract the profits generated from the bear raid from the expenses from a 51% Attack and thus the attacker is incentivized to only play market manipulation games for profit rather than attacking the currency itself. Yes this is the kind of attack I am suggesting. Create a positive feedback between the N@S attack and the bear raid. |
|
|
|
|
What is the situation with renewals? Are they due by the end of this month? How is this going to be handled?
|
|
|
|
Only 10% is needed? Please describe the attack.
The guy attacked a dead coin where only 10% of the stake was active...
It was already described by ArticMine. He isn't discussing a 51% attack on the PoS coin if you are conflating the attacks.
With mining pools, how would you know that you lend your forging power to 1 person or 10?
This kind of security is not enough for me, sorry.
Agreed, when people are so focused on a limited scope of attacks they don't see all the other attacks that are possible from bugs in the code, to economic attacks , to social attacks and how each of these currencies have their own unique set of problems. I.E... The fact that Bitshares had such a small ecosystem and developer pool one developer was able to strong arm the community by presenting a conflict of interest to attack the currency and remove one of the incentives many of the community bragged about (no inflation) to create a massive inflationary attack which has weakened their currency tremendously even compared to BTC which has its own set of problems. This is why I am suggesting Bitcoin should be strengthened and not merely replace one set of weaknesses for another. How would you know they were?
Have we come so far that "guilty until proven innocent"?
Of course. We should all study, prepare for and protect against hypothetical attacks before they happen. Agree on everything. Except the attack ArcticMine described. Indeed, lending out your own money is never a good idea, be it PoW or PoS. I still don't see what the attacker would do with 10% of the marketcap of a good PoS system besides running away with the money... 5% to sell short and induce a "bear raid" https://en.wikipedia.org/wiki/Bear_raid 5% to wreck havoc on the network by voting the stake against the interests of the coin. To use the 1 billion USD example. The attacker borrows 2 billion USD. The attacker has 2 billion USD and a 2 billion USD debt. The attacker sells 1 billion USD for 870 million EUR.The attacker now has 870 million EUR, 1 billion USD and 2 billion USD in debt. The attacker now uses the 1 billion USD to cause the value of the USD to go to zero. The attacker is now left with 870 million EUR, 0 USD (the 1 billion USD was spent in order to crash the price) and a debt of 2 billion USD now worth 0 for a net profit of 870 million EUR. |
|
|
|
|
The real test for NXT will come if someone sets up a ponzi using NXT.
|
|
|
|
|
This discussion gives a good perspective on POS. The security of a POS network is ultimately based upon the credit worthiness of the likes of Trendon Shavers and Mark Karpelès
|
|
|
|
POS is based on the premise that majority of all people will not lend or borrow money to the same guy. This is its fundamental flaw.
FIFY. Bitcoin is based on the premise that that majority of all miners will not lend their mining power to the same mining pool. Which flaw is more fundamental? POS of course. I can change the pool settings on my XBT miner any time I want. Now compare this with getting repaid by pirateat40 or MTGox. |
|
|
|
|
POS is based on the premise that people will not lend or borrow money. This is its fundamental flaw.
|
|
|
|
...
how on earth did you come to the conclusion that you dont need the coins to stake? :/
You have the coins in your possession and stake them, they are just not yours. so your talking about borrowing coins? do you honestly think its even remotely possible to borrow 10% of any coins total cap? id love to see you try and borrow even 1% of bitcoin lol Pirateat40 came very close to doing just that. The liabilities of "First Pirate Savings and Trust" later called "Bitcoin Savings and Trust" approached 800.000 XBT when the total XBT emission was around 8,000,000 XBT. More recently we have MTGox. So a variant of this attack would be to "Gox" the POS coin. Keep in mind that only 5% is needed for the attack according to cynicSOB. The rest were sold short over time. |
|
|
|
...
how on earth did you come to the conclusion that you dont need the coins to stake? :/
You have the coins in your possession and stake them, they are just not yours. It is no different from borrowing a car and driving it. The car is in your possession but it does not belong to you. |
|
|
|
...
With PoS the largest shareholders are fixed targets who are less likely to be unseated due to not being dependent upon constantly reinventing their business model and technology to be competitive. Stakeholders can choose to horde or sell off their coins from forging/stake holding thus ensuring some early adopters remain in positions of authority.
...
No. With POS that largest "stakeholders" can in fact have a large short position, and have a vested interest in the collapse of the coin. There is no requirement in POS that one owns the coin in order to stake it. |
|
|
|
|
I am dealing with a much more fundamental problem with POS namely that that an attacker can build up a very significant stake in the coin while at the same time having a large short exposure to the coin. This creates a situation where the attacker has a large stake and a vested interest in the collapse of the coin. Pirateat40 is relevant here because he did just that with Bitcoin by borrowing large quantities of XBT and selling some of them short. He also tried very hard to cause the price of Bitcoin to fall. If one combines this with the attack that cynicSOB is referring to then the effect is significantly magnified. I suspect cynicSOB is referring to a combination of the fact that a very significant portion of the coins are not staking, and a time warp attack. Time warp attacks have been used against POW coins that have low hashrates, and can be defended against by the use of time stamping. Essentially saying that one does not accept a longer chain that involves reorganization after a certain number of blocks.
As for an authority one needs an authority to prevent the massive borrowing of the POS coin by for example a ponzi scheme. In the pirateat40 case this was the US SEC and the US Courts.
|
|
|
|
|
I would say that POS requires a centralized authority to prevent collapse.
|
|
|
|
POS has one fundamental flaw. Stake does not equal exposure as pirateat40 proved back in 2011 / 2012 https://bitcointalk.org/index.php?topic=50822.0. Show me a POS system that can deal with pirate. Edit: Without the help of the US Government. Could you elaborate? I'm not sure what you mean. I will elaborate on the idea against nxt. But that link you sent regarding PPC is not about practical impossibility of N@S. It's only about practical impossiblity of the particular attack that the writer describes. This was proven by my attack on APEX. Also, it has some flaws: "They must wait 90 days to get another optimal chance to attack after a failed attempt" is wrong, if you mine your chain in private and publish it only when it has accumulated more work than the main chain then you can attempt this after every block. "If you buy 1% of Peercoins and put them all in the same output (similar to an address), you might have about a 3% chance of finding the next block." is also wrong: 1% gives you about 20% chance of a block. 5% guarantees success. So it I understand this correctly an attacker could borrow rather than buy say 10% of the target POS coin. This could be done for example using a pirateat40 type scheme. Sell half of the borrowed POS coins short, and use the remaining 5% of the borrowed coins to launch the attack. This would cause the price of the coin to collapse creating massive profits for our short seller / attacker. There is some real Bitcoin history here that is a must for anyone either attacking or defending a POS coin. Here is a good place to start. https://bitcointalk.org/index.php?topic=50822.0. pirateat40 failed with Bitcoin but Bitcoin is POW! I can just imagine what would have happened to Bitcoin if pirateat40 could have used the borrowed XBT to launch an attack on the Bitcoin blockchain. This would indeed have been the case if Bitcoin had been POS. |
|
|
|
POS has one fundamental flaw. Stake does not equal exposure as pirateat40 proved back in 2011 / 2012 https://bitcointalk.org/index.php?topic=50822.0. Show me a POS system that can deal with pirate. Edit: Without the help of the US Government. |
|
|
|
I will elaborate on the idea against nxt. But that link you sent regarding PPC is not about practical impossibility of N@S. It's only about practical impossiblity of the particular attack that the writer describes. This was proven by my attack on APEX. Also, it has some flaws: "They must wait 90 days to get another optimal chance to attack after a failed attempt" is wrong, if you mine your chain in private and publish it only when it has accumulated more work than the main chain then you can attempt this after every block. "If you buy 1% of Peercoins and put them all in the same output (similar to an address), you might have about a 3% chance of finding the next block." is also wrong: 1% gives you about 20% chance of a block. 5% guarantees success. So it I understand this correctly an attacker could borrow rather than buy say 10% of the target POS coin. This could be done for example using a pirateat40 type scheme. Sell half of the borrowed POS coins short, and use the remaining 5% of the borrowed coins to launch the attack. This would cause the price of the coin to collapse creating massive profits for our short seller / attacker. There is some real Bitcoin history here that is a must for anyone either attacking or defending a POS coin. Here is a good place to start. https://bitcointalk.org/index.php?topic=50822.0. pirateat40 failed with Bitcoin but Bitcoin is POW! I can just imagine what would have happened to Bitcoin if pirateat40 could have used the borrowed XBT to launch an attack on the Bitcoin blockchain. This would indeed have been the case if Bitcoin had been POS. |
|
|
|
Yes... in the other thread  Done. |
|
|
|
Stake does not equal exposure: Consider for example a pirateat40 style "trust" on a POS coin. The "trust" has a very significant stake combined with a very significant short exposure, and consequently a vested interest in the collapse of the currency, and can vote the stake accordingly. https://en.bitcoin.it/wiki/Pirateat40. POS rewards the creators of ponzi schemes. A variant of this is an exchange gone bad. Again the exchange operator controls a massive stake via customer deposits but no exposure, and if fraud occurs creating a fractional reserve. The exchange has a vested interest in the collapse of the currency in order to cover losses and can vote the stake accordingly. Buying the currency while at the same time selling a greater amount on a derivatives market, creating a large stake with a short exposure and vested interest in the collapse of the currency. Again the stake can be voted accordingly. Need I go on ... Cross posted from https://bitcointalk.org/index.php?topic=924725.msg10158797#msg10158797 |
|
|
|
|
Show Posts
